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METHOD TO REMOTELY QUERY, SAFELY MEASURE, AND 
SECURELY COMMUNICATE CONFIGURATION INFORMATION OF A 
NETWORKED COMPUTATIONAL DEVICE 



5 TECHNICAL FIELD 

The invention relates to a new process of communication using computers and 
associated communications infrastructure. More particularly, the invention relates to 
a method to obtain configuration information about a computational device and 
communicate that configuration information to a requestor. 

10 BACKGROUND OF THE INVENTION 

Nowadays computational devices are used in almost every area of our daily life, and 
the range of hardware devices and software applications installed on such devices, 
as well as the possible interactions and configuration options, is expanding rapidly. 
The development of the Internet and wireless communication networks adds another 
15 element - communications - where each device also has neighboring devices in its 
environment with which it interacts and communicates. Moreover, as devices 
become mobile, and as networks become dynamic - with devices being attached 
and withdrawn to networks in an ad-hoc fashion - describing the environment of a 
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computational device becomes increasingly challenging and, at the same time, 
essential for understanding its function. 

Against this background, we observe that an important task in many settings is to 
know the state or configuration of a remote computer. For example, it can be highly 
desirable for a vendor or technical support provider to know details of the 
configuration information of such a computational device in order to provide better 
customer service. Indeed, when the customer is experiencing difficulties with a 
product of the vendor, the technical support department of the vendor often needs to 
know the configuration information of the customer's computational device in order to 
trouble-shoot the product and provide a fix to solve the customer's problem. In 
another application, the technical ^help desk 5 of an enterprise - charged with keeping 
various personal computers, servers, and other network devices in good operating 
order - may need to know the configuration information of one. or more such 
computational devices to perform trouble shooting or routine maintenance tasks. In 
another application, the manager of a "server farm' - charged with offering services 
across the Internet from an array of computational devices - may need to know the 
process status of one or more server devices. 

We remark that the term configuration is best interpreted in a broad sense, including 
the location of mobile devices, the status of connected devices, the status of links to 
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connected devices, the activity and configuration of devices in proximity, and the 
status of remote devices in a relationship of trust and intimacy. 

In the current state of art, the method of requesting, gathering and transmitting of 
configuration information of a computational device is often informal, manual, 
5 insecure, and time-consuming. In the example of the technical support scenario, a 
support technician has to communicate with a customer over telephone (sometimes 
even for hours) to instruct the customer in step-by-step fashion how to collect the 
configuration information that the support technician needs. It is usually very tedious 
to explain the detailed steps that the customer must take to gather the information, 

10 and many customers are unable or unwilling to apply the concentrated effort it would 
require to obtain the needed information. As a result, the process - where attempted 
- is often frustrating and difficult. An alternative approach may include exchanging e- 
mails between the support technician and the customer. This approach still faces 
problems of customer compliance, and in addition, it exposes the configuration 

15 information of the computational device to the hackers over the Internet. 
Furthermore, this process - if it works at all - may require several rounds of e-mail 
exchange before the customer can collect the right configuration information that the 
support technician needs. 



3 
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Still another approach might be to use remote program execution (RPE), which 
includes the steps of: dispatching a codebody from the requestor to the target 
computer; executing the codebody on the target computer; performing a computation 
which obtains the desired result, and returning the result to the requestor. The 

5 persistent problem with RPE is security. Computational Devices offering RPE 
services are vulnerable to attack: if a general-purpose codebody is allowed to be 
remotely executed, this creates a security hole whereby hackers, impersonating the 
trusted authority or infiltrating the trusted domain, can insert general purpose 
programs which can be used to attack the remote machine. Perhaps more 

10 importantly, RPE is vulnerable to mistake, so that RPE is dangerous even in the 
presence of strong network security. Indeed, the configuration requestor, operating 
in good faith, can make a mistake in writing its query which can create an "infinite 
loop" or similar resource bind on the target computer, rendering the computer 
useless. Therefore, RPE is a dangerous option to employ. 

15 Donoho et al disclose in US Patent No. 6,262,362 a method for inspecting the 
properties of a computer, the computer's configuration, the contents of the 
computer's storage device, the computer's peripherals, the computer's environment, 
or the computer's affiliated computers. The method involves phrasing queries of the 
computational state in a formal language, called the relevance language, and then 

4 



WO 03/019330 PCT/US02/26829 

automatically evaluating the queries in order to probe the state of the computational 
device. The evaluation requires first parsing a relevance clause in the relevance 
language, and then translating that into a sequence of desired "inspector 
evaluations". Inspectors are pre-defined measurement tools resident on the target 
5 computer. They are invoked to inspect the state of the computer. The invention also 
provides a method to extend the relevance language by building additional 
inspectors. 

However, in the invention disclosed in the US Patent No. 6,262,362, the 
configuration information of computer is only used to perform relevance 
10 determination of an advice that is received by the computer. The primary purpose of 
the invention was not the communication or display of the configuration information, 
although it mentions a need to avoid the possibility of communicating information 
about a target computer to other party. 

What is desired is a communication network that a configuration information provider 
15 retrieves the queries from a configuration requestor, interprets the queries and 
automatically builds a human-readable, easily understood answer set. 

What is further desired is a communication network allowing a configuration provider 
to communicate the configuration information securely to the configuration requestor. 

5 
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What is further desired is a communication network allowing a configuration 
requestor to view and compare the received configuration information from the 
configuration information provider. 

What is further desired is that a process satisfying the above desiderata be 
5 transparent - the queries should be written in an intuitive and non-threatening 
language reminiscent of plain English or other natural language and the answers can 
be read and understood by non-experts. 

What is further desired is that a process satisfying the above desiderata be safe - 
robust against poorly formed or mistaken queries - in fact so robust that no well- 
10 formed query can contain infinite loops and other resource-monopolizing features. 

What is further desired is that a process satisfying the above desiderata is extensible 
- the query language can expand over time as new properties need to be examined, 
within a natural and secure scheme. 

SUMMARY OF THE INVENTION 

15 The invention disclosed herein enables a collection of computers and associated 
communications infrastructure to offer a new communications process. This process 
allows requestors to compose and transmit query documents containing queries 

6 
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about configuration information to one or more targeted computational devices for 
those devices to compose and transmit response documents containing 
corresponding configuration information to requestors. 

This process supports efficient solutions to a variety of problems in modern life, 
5 including assistance for the technical support of modern computers, assistance for 
the management of enterprise computing networks, and assistance for the 
management of server farms and other network resources. One can envision 
applications in many other areas as well, for example in the management of home 
appliances (as home appliances evolve to become networked computing devices) 
10 and in the management of maintenance of complex systems like automobiles and 
aircraft (as they evolve towards modular systems combined together as networks of 
many computational devices). In the technical support application, the disclosed 
invention provides an automatic, secure and fast way for a support technician of a 
technical support organization to query for configuration information of a customer's 
15 PC and receive an accurate, comprehensive response. The configuration information 
is delivered in encrypted form until it reaches the secure zone of the technical 
support organization where it is decrypted. So the privacy of configuration 
information of the customer's PC is protected and the security is guaranteed. 
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The presently preferred embodiment of this invention is specially tuned to address 
the concerns of consumers and providers in a technical support application. This 
particular embodiment of the invention is summarized as follows: 

The responder obtains an identity number from the provider and passes the identity 
5 number to a configuration query reader associated with the computational device. 
The requestor constructs a query document by associating a query script to the 
identity number and sends the query document from a private server 105 to a public 
server 104. The configuration query reader retrieves the query document, parses the 
queries, inspects the configuration, and obtains answers containing configuration 
10 information, constructs a response document, encrypts the response document and 
posts it to the public server 104. The private server 105 pulls the encrypted response 
document from the public server 104, decrypts the response document and displays 
it to the support technician. 

The queries are written in a formal language called relevance language naming 
15 certain properties of the environment of the consumer computer, such as system 
configuration, file system contents, attached peripherals, or remotely accessible 
data. As a special purpose language explicitly for querying properties of computers, 
the relevance language has special features that make it distinguishable from a 
general programming language. These features include: 

8 
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• Transparency. Queries about the configuration are descried in a 
high-level language reminiscent of English, and self-explanatory in 
the sense that almost anyone can see what the query is asking for. 
In other words, it is intuitive and non-threatening; 

5 • Safety for remote evaluation. In general, remote program execution 

is insecure because a program in a general programming language 
could often be a virus, worm, or trojan horse, and there is basically 
no way from looking at a high-level procedural language program to 
guarantee that it is not a virus, worm, or trojan horse. However, the 

10 relevance language cannot be used for such purposes. It is not 

procedural and does not have the capabilities that could lead to 
problems in those languages - for example no infinite loops and no 
endless recursions, because there are no loops and no recursions. 
A poorly thought-through or malicious query is not going to crash the 

15 PC that looks at it. 

• Extensibility. In order for a language of limited scope and with tight 
security guarantees to expand to handle new situations, one needs 
to be able to extend its vocabulary, conveniently and securely. The 
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system according to this invention is extensible due to its object- 
oriented nature. 

The configuration reader parses the queries written in the relevance language and 
invokes specific inspectors which can return specific properties of the computer, its 

5 configuration, its file system, or other component of interest. In effect, the list of 
properties of the environment which may be referred to in the relevance language is 
determined by the contents of the inspector library installed at run-time. Because the 
relevance language has an appearance similar to simplified English, it is very 
intuitive and non-threatening, and responder review and approval of information 

10 transfer is a reasonable option. Also, because the relevance language is a 
descriptive rather than procedural language, routine evaluation of relevance clauses 
offers a degree of safety not possible in traditional settings like remote program 
execution. For example, the relevance does not offer traditional programming 
language constructs, like do-loops, variables, and subroutine calls, which can cause 

15 infinite loops. In fact, the relevance language does not suffer from the famous Turing 
halting problem affecting high-level procedural languages. Every evaluation of a 
relevance clause must halt. 



The existence of standard inspector libraries provides the requestor with a rich 
vocabulary for describing the state of the consumer computer and its environment. 

10 
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Since the collection of inspector libraries can be dynamically expanded by 
implementing new inspectors, the configuration information of the computational 
device the requestor is able to receive is easily expanded to areas that the current 
set of inspectors do not cover. 

5 BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram illustrating a communications network in one embodiment 
of the invention; 

FIG. 2 illustrates a sample question set as seen in one embodiment of the invention; 

FIG. 3 illustrates a sample answer set containing the answers for the question set 
10 illustrated in FIG. 2; 

FIG. 4 illustrates a sample instruction-set document as seen in one embodiment of 
the invention; 

FIG. 5 illustrates the components of query document as seen in one embodiment of 
the invention; 

15 FIG. 6 illustrates the components of response document as seen in one embodiment 
of the invention; 

11 
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FIG. 7 illustrates a display the configuration reader provides for the responder to 
enter its identity number as seen in one embodiment of the invention; 

FIG. 8 illustrates another sample answer set containing content of a file stored in the 
computational device as seen in one embodiment of the invention; 

FIG. 9 illustrates a sample display where the requestor can input the identity number 
of the requestor as seen in one embodiment of the invention; 

FIG. 10 illustrates a sample display where the requestor can associate a question 
set to a responder and send the question set to the responder as seen in one 
embodiment of the invention; 

FIG. 1 1 illustrates a sample display where the requestor can send the question set to 
the responder by email as seen in one embodiment of the invention; 

FIG. 12 illustrates a sample display that lists previously received responses from the 
responder by the requestor as seen in one embodiment of the invention; 

FIG. 13 illustrates a sample display that lists two different snapshots taken a few 
month apart on the same question-sets as seen in one embbdiment of the invention; 
and 

12 
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FIG. 14 illustrates a sample display that compares two snapshots so that the 
requestor can see the difference between them as seen in one embodiment of the 
invention. 

DETAILED DESCRIPTION OF THE INVENTION 

5 The invention implements a process of communication which systematically solves 
the problem of allowing a trusted authority to obtain configuration information about a 
remote computational device over a communications network. The invention 
provides a communications system which depends on the use of computational 
devices connected by communications networks. In practice, these devices may 

10 range from traditional large-scale computers to personal computers to handheld 
personal information managers to embedded computational devices in the ambient 
environment, including consumer appliances such as remote controls and smart 
TVs, or other common computationally dense environments, such as transportation 
vehicles. The communications mechanisms could include a modem or other wired 

15 media, or wireless communications, using the Internet or other protocols, and could 
include the physical distribution of media. Whatever the specific instance, for 
purposes of the discussion herein, the computational device is referred to as a 
computer and the communications infrastructure is referred to as a network. Typical 
examples of such infrastructure include Intranets (private computer networks), and 

13 
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the Internet, the large public computer network that hosts the World Wide Web and 
related services. 

The invention architecture is best understood if a specific terminology is adopted, 
which evokes a focused instance of the above described communications problem. 
5 The computational device whose configuration information is to be provided is 
referred as the target computer. The special digital documents conveying requests to 
retrieve certain configuration information of the computational device are referred to 
as query documents. The special digital documents conveying responses to the 
query documents to provide certain configuration information of the computational 

10 device are referred to as response documents. An information requestor is an 
organization or individual which requests configuration information of the target 
computer by sending query documents and receives responses. The requestor is 
represented by one or more server computers in a communicating network of 
computers. The information provider is an organization or individual which receives 

15 query documents from the requestor and provides response documents to the 
requestor. The provider is represented by the target computer in a communicating 
network of computers. 



It is helpful to think in concrete terms, and to suppose that the requestor is in fact a 
large organization running a large-scale server computer, that the provider is in fact 

14 
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an individual represented by a single personal computer, smart TV, personal 
information manager, computationally-enabled cell phone or other personal 
computational device; and to suppose that the network of computers may 
communicate according to a protocol similar to the TCP/IP protocol now in use by 
5 the Internet. In practice, many variations can be expected. For example, a requestor 
may constitute an individual represented by a personal computer, an advice provider 
may be a corporation represented by a large-scale computing engine, and the 
communications process underlying the invention may be realized with other 
protocols operating over other physical means of communication. 

10 Using this terminology, it is now possible to describe a key purpose of the invention. 
The invention allows the information requestor to send requests to the information 
provider and receive configuration information of the target computer using the 
relevance language that makes the queries and responses easily understood by 
both participants. 

15 TECHINICAL SUPPORT APPLICATION 

The invention is best illustrated by a technical support application that implements 
the invention. This application enables a support organization to obtain information 
about the configuration of an end-user PC, including the current configuration as well 

15 
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as the original configuration, or a configuration at some earlier time. In startup mode, 
a configuration reader running on the user PC observes various aspects of the 
configuration of a brand-new system and records a snapshot of that configuration 
information in escrow on the user PC for later retrieval by the technical support 
5 organization. In interactive mode, the configuration reader interacts with a support 
technician, in real-time over the Internet, to provide information about the current 
configuration of an end-user PC, or to retrieve previously escrowed files. The 
interaction between the technician and the user is easy and understandable to both 
participants, and the technician is able to get comprehensive information about a 
10 wide range of PC attributes very efficiently. 

The communication network of a typical embodiment of the current invention is 
depicted in FIG. 1. The communications network comprises a customer 103 of a 
technical support organization, a customer PC 101, a support technician of the 
organization 102, a public server 104, and a private server 105. A client application 
15 107, which is the configuration reader, runs on the customer PC 101, and the public 
server 104 and private server 105 are running inside the technical support 
organization. The support technician 102 interacts with the private server 105 using 
the Web browser 106 running on a Web client device. The requestor comprises the 
support technician 102, the public server 104, the private server 105 and the Web 

16 
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browser 106. The responder comprises the customer 103, the customer PC 101 and 
the client application 107. 

The private server 105 is responsible for sending query documents to the public 
server 104, retrieving response documents from the public server 104 and server 
5 response documents to the Web browser where the response documents can be 
displayed. 

The public server 104 run by the support organization is responsible for serving the 
query documents to the client application 107, receiving response documents from 
the client application 107, and serving the response documents to the private server 
10 105. 

The client application 107 running on the customer PC 101 is responsible for 
retrieving query documents from the public server 104, inspecting the customer PC 
101 to obtain configuration information and constructing response documents, and 
sending the response documents to the public server 104. 

15 In standard use, the customer 103 obtains a Customer ID from the Tech Support 
technician 102, as a result of telephone, Web or e-mail contact. The customer 103 
runs the client application 107 on his/her PC and provides the Customer ID to the 

17 
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client application 107. The client application 107 communicates with the public 
server 104, which then serves up a query document associated with that Customer 
ID. The query may ask about the properties of a few or many attributes of the PC 
configuration, The client application 107 inspects the PC to obtain the desired 

5 properties, and returns a response document in encrypted form to the public server 
104 listing those properties. The public server 104 passes the response along to a 
private server 105 that decrypts and displays the configuration information to the 
support technician 102. Note that in certain deployments of the invention, there is no 
need for the Customer/Tech Support interaction to involve exchange of a unique 

10 Customer ID. 

The query documents contains queries written in a formal language known as the 
relevance language. The relevance language has an intuitively understandable plain- 
English appearance, and can invoke the hundreds of existing Inspectors for the 
process of analyzing PC configuration and behavior. The queries can thus inspect 
15 the user PC for presence of certain hardware, software, files, registry entries, and 
configuration settings. 

The technical support organization deploying the application as part of their support 
escalation process typically creates a collection of one or more query scripts, which 
direct the query process towards specific issues. Specific scripts can be invoked by 

18 
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the support technician 102 in response to specific symptoms or issues reported by 
the user. This library is a core asset for the technical support organization's call 
acceleration and support escalation procedures. 

Because the invention uses the relevance language and its associated inspector 
5 technology, the scope of the query document is easily extensible: new vocabulary to 
the relevance language can be added simply by publishing new inspectors as the 
need arises. As new support issues arise, the support organization can write new 
query documents and make them available to their support technicians for use in 
future support sessions. 

10 The invention is designed to streamline the configuration inquiry process while 
maintaining the concern for user privacy and trust. Following a consumer-oriented 
\opt-in' philosophy, the invention sets up an interaction with the consumer's machine 
in which the consumer is aware that a transaction is taking place and is notified of all 
information being gathered by the technical support organization. The invention has 

15 a user interface component which notifies the user of a pending information 
exchange, requests approval prior to sending that information out from the user's 
computer, and allows the user to review the information to be sent. Further, to 
insure that the consumer's information is only made available to the intended 
technical support organization personnel, the information is securely encrypted 

19 



WO 03/019330 PCT/US02/26829 

before transmission. A chain of authentication is used to allow the support 
organization to control the extent of information collected during the process. 

DOCUMENT TYPES 

The current invention involves creating and transferring of documents between the 
5 support organization and the end-user PC. These documents come in six different 
types: 

Question-Set Document is the most important type of document used in current 
invention. It is a text file, containing questions written in the relevance language; the 
answers to these questions drive the next steps of the support process. Question- 

10 set scripts are composed by authorized technicians to diagnose key issues and 
problems, and are typically used in one of two ways. For interactive use, they are 
placed in a library made available to all support technicians to collect key 
configuration data; in escrow use, a specific question set is distributed with a new 
machine, for processing after the machine's first initialization. FIG. 2 illustrates an 

15 extraction 200 of an exemplary question set file. 

The relevance language is an intuitive, English-like language, which is extremely 
powerful and provides access to enormous amounts of detail about the user's 
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computer. For more information about the Relevance language, see US Patent No, 
6,263,362, Donohue et al. 

The Answer-Set Document is the result of passing a Question Set document through 
the relevance engine. It is a text file that can be read and understood by laypersons 
5 or support technicians. FIG. 3 shows an extract 300 from an exemplary answer set 
file. 

The Instruction-Set Document is a document describing the interaction to be 
performed on the end-user's PC. Interactions can be constructed which capture 
current configuration data to local storage and transfer current and prior 
10 configuration data to the support organization. Configuration data may contain one or 
more Answer-Set Documents as well as the contents of arbitrary data files specified 
via the relevance language. 

FIG. 4 shows an extract 400 of an exemplary instruction-set file. A reader who can 
see it requests that a new snapshot be created, containing an answer-set created by 
15 the question-set cdrom.qna, as well as a copy of the win.ini file, It also requests that 
a Response document be created, containing both the current and the initial 
snapshots. 

21 
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The Query Document is a digitally signed document, which serves as an envelope for 
an Instruction Set document, and which also contains identification and security 
parameters. This document is transmitted from the support organization to the 
User's PC; its arrival initiates analysis of the User'smachine. 

5 

The Pointer Document is a Query document containing instructions that cause the 
configuration reader to query a server to collect a Digest document assigned to this 
customer by the support technician 102. This document is used to collect a Digest 
document, which then completes the collection process. It is used to set-up the 
10 exchange, by associating a technical support technician's query with a certain 
customer PC. 

The Response Document is the result of processing a Digest document and may 
contain multiple Answer-sets as well as local files. This document is encrypted on 
the client prior to transmission to the technical support organization. 

15 FIG. 5 depicts an exemplary structure 500 of a query document. The queries for 
configuration information are contained in Question-set documents, but those are 
wrapped up inside of a Query document, along with an Instruction-set document 
which may, for example, contain instructions to take a snapshot of system 
configuration and place in escrow. 

22 
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FIG. 6 depicts an exemplary structure 600 of a response document. The Answer- 
sets are contained in Response documents, potentially several such answer-sets 
alongside each other, and alongside copies of the contents of certain local files as 
well. The Response document encrypts the whole package for passage over the 
5 Internet. 

DESCRIPTION OF COMPONENTS 

The technical support application is organized to offer performance and scalability on 
both client-side and server-side processes and to guard user privacy. It includes the 
following components: 

10 The configuration reader contains a client application 107 that runs on the user PC, 
processing the Digest documents and Pointer documents. In interactive use, it 
performs the following steps: 

• Connecting with 'uagent' on the public server 104 (described below); 

• Gathering from the server a Query document that has been targeted to that 
1 5 user by the support technician 1 02; 

• Processing the Digest document to obtain the answers to the questions in a 
Question set, as well as configuration files, and prior configuration data; 

• Displaying the resulting data to the PC User; and, 
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• Upon user approval, encrypting and sending this result back to 'uagent' on the 
public server 104. 

The client application 107 typically uses http to communicate with the 'uagent' on the 
5 public server component. 

The client user interface design streamlines the entire process for the user; the user 
can easily scroll through a window to see what is being returned, and can simply 
click 'Send' to send the information back to the public server 104. Because the 
relevance language is intuitive and reminiscent of plain English, users who choose to 
10 inspect an answer set has no difficulty understanding what queries are being posed 
and what answers are being returned. 

The public server 104 hosts the 'uagent' cgi that provides services for the client 
application 107 and hosts the 'tagent' cgi that provides services for the Private server 
component (described below). These components are typically implemented as cgi 
15 applications that are invoked when certain http GET and POST operations are 
received from the configuration reader. The server stores Query documents and 
encrypted Response documents as they move back and forth during the process. 
Response documents are never decrypted in this environment, so even if this server 
is attacked, the users data remain private in this environment 
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The Private Server 105 is a Customer Assisted Support Interface application (CASI) 
that executes in a more protected environment. It typically uses http to access the 
public server 'tagent' component. It is a stand-alone application which provides 
various services including: 

5 • Posting Query documents to the public server 1 04; 

• Monitoring the state of the public server 104 as Query documents are taken 
and Responses are returned; 

• Pulling encrypted Responses back into the Private Server 105 environment 
where they are decrypted and displayed to the support technician 102; 

10 • Maintaining an archive of past responses that may be accessed; 

• Providing interfaces that list achieved responses and display their results; 
and 

• Providing facilities for comparing configuration data from one response or 
across responses. Thus a technician may zero in on changes to configuration 

15 data that could be the cause of a support issue. 

This application is so designed that it can be easily integrated into existing systems. 

The Support Technician Interface is typically composed of several perl scripts. This 
application has the following characteristics and functions: 
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• It executes on the same machine as the CASI application; 

• It allows a support technician to associate any of a group of Query documents 
for staging to a customer referenced by a Customer ID; 

• It provides monitoring facilities to watch as the user collects and then returns 
5 the information; 

• It allows the technician to pull the response back to the protected server, 
decrypt and display it; 

• It allows access to all prior response data collected by the technician by 
Customer-ID; 

10 • Finally, it allows the technician to view changes to configuration data. 

The invention guards the data integrity and privacy in two ways. First, underlying the 
publishing of queries is a chain of authorization to ensure that only Question-sets 
that have been explicitly authorized by the appropriate individuals in the technical 
15 support organization are recognized on customer PCs by the Configuration reader. 
Second, underlying the communications process is an encryption of the Response 
document before it leaves the Customer PC 101 for transit across the Internet, with 
decryption only taking place it once the Response document arrives at the Private 
Server 105, which typically is only accessible from inside the support organization. 
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Both features rest on the use of public-key/private-key cryptography infrastructure. 
As a result, the invention requires creation and management of digital certificates 
and private key files. Publishing Tools are typically included to provide all the needed 
functionality, and these tools may be invoked through a command line interface. 

5 CLIENT APPLICATION PROCESSING 

The processing of the invention is friendly and natural to the end-user. When the 
client application 107 is run, it typically splashes a welcome screen that welcomes 
the customer into the process with the important information that he/she is in control 
of whatever information leaves the computer. 

10 After the user opts to continue, the application next displays a screen, asking for the 
Customer ID that was provided by the support technician 102. FIG. 7 shows an 
exemplary display 700 the configuration reader provides for the responder to enter 
its ID number- 
Note that in some environments as described above, this step is skipped, because 

15 the Customer ID is already known/knowable to the application. 

Behind the scenes, an exchange takes place, and at the heart of that exchange, a 
Question-set is transmitted from the Tech Support organization to the user PC. A 
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simple example of such a question set is shown in FIG. 2. It contains a series of 
Questions of the form Q:<Query>, where <Query> denotes a phrase in the 
Relevance language. As the reader can see from the figure, the language has an 
English-like appearance 

5 This fragment provides only a superficial example of the types of queries that can be 
made in the Relevance language. More sophisticated queries can drill down to 
obtain extreme levels of detail about the system configuration. 

The client application 107 inspects the Customer PC 101 to obtain the requested 
information, and constructs a corresponding answer set. The answer set contains all 
10 the Q: lines from the question-set, and interleaves corresponding A: lines which 
contain the answers to the Q: questions. Before sending the answer set to the 
technical support organization, the application displays a preview window as shown 
in FIG. 3 which allows the user to see what information has been requested by the 
technician and approve or deny the technician's request. 

15 Because the Relevance language is very intuitive and non-threatening, user review 
and approval of information transfer is a reasonable option. In the above window, the 
user can see that the questions being answered concern the time at which the query 
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was taken and the name of the operating system; using the scroll bar, more 
questions and answers would be revealed. 

In certain settings, the support technician 102 may request not merely information 
about the configuration, but actually a literal copy of a certain file. The application 
5 can comply with this request upon user approval. FIG- 8 shows a preview of an 
exemplary query 800 that asks for a copy of the win.ini file. 

The user can thereby verify that the information being sent from the computer is 
information he/she is willing to share with the support organization. 

TECHNICIAN INTERFACE PROCESSING 

10 We now describe how the process of the invention from a support technician's 
viewpoint. To begin with, the process is hosted on a standard Web browser, and an 
interaction starts with the technician entering a Customer ID. FIG. 9 illustrates an 
exemplary display 900 where the requestor can inputs the identity number of the 
requestor. 

15 FIG, 10 illustrates an exemplary display 910 where the support technician 102 
associates a question set to a responder and send the question set to the responder. 
In this case, assume the technician has entered the Customer ID "2". This page 
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allows the support technician 102 to select specific Question-sets to be sent to the 
customer PC 101 to be answered by the configuration reader. Here, the technician 
has entered the Question-set " compare. bfast". In a typical operation, this Question- 
set is posted to the Public Server 104, where it is picked up by the configuration 
5 reader running on the customer PC. 

The support technician 102 may have an option to send the Question-set by e-mail 
FIG. 11 illustrates an exemplary display 920 where the support technician 102 sends 
the question set to the responder by email. The window allows the technician to 
include either custom or boilerplate text, and to attach a Question-set to the mail. 

10 No matter what method of query transport is chosen, the next stage of the interaction 
shows a history page, detailing the queries that have been sent, and the response 
status. FIG. 12 illustrates an exemplary display 930 that lists previously received 
responses from the responder by the support technician 102. In this case, three 
question-sets have been set to Customer #2 - on different days a month apart -- and 

15 the responses have been received in all three cases. The technician has the option 
of reviewing any or all of the results. 

An important feature of the technician interface is the availability to compare 
snapshots taken at different times. FIG. 13 illustrates an exemplary display 940 that 
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lists two different snapshots taken a few months apart on the same question-sets. In, 
this example, the technician is offered the option to compare the two files for 
differences. 

If the support technician 102 so chooses, the interface can proceed to a correlation 
5 stage, where two or more files are compared to see what differences exist among 
the snapshots. FIG. 14 illustrates an exemplary display 950 for such a comparison. 
By inspecting this display, the technician can learn about which features may have 
changed from one snapshot to the next. In this example, all the displayed questions 
have the same answers in the two different snapshots. 

10 The method steps described herein can be embodied in a set of computer readable 
instructions or codes which can be stored in any computer readable storage medium 
and can be transferred and downloaded over the Internet. 

Although the invention is described herein with reference to the preferred 
embodiment, one skilled in the art will readily appreciate that other applications may 
15 be substituted for those set forth herein without departing from the spirit and scope of 
the present invention. 

Accordingly, the invention should only be limited by the Claims included below. 
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CLAIMS 

1 . A communications network, comprising: 
a computational device; 

a requestor of configuration information of said computational device; and 
5 a responder associated with said computational device further comprising: 

a configuration reader for retrieving configuration information of said 
computational device; 

wherein configuration information is securely transferred from said responder 
to said requestor. 

10 2. A communications network, comprising: 
a computational device; 

a requestor of configuration information of said computational device; and 
a responder associated with said computational device further comprising: 
a configuration reader for retrieving configuration information of said 
15 computational device; 

wherein said requestor sends one or more query documents for configuration 
information of said computational device to said responder; 
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wherein said query documents contains queries written in a high level query 
language which is descriptive rather than procedural; 

wherein said configuration reader parses query documents from said 
requestor, inspects said computational device to obtain configuration information of 
5 said computational device by invoking one or more inspectors and returns 
corresponding configuration information of said computational device; and 

wherein said responder sends one or more response documents that contain 
corresponding configuration information to said requestor 

3. The communications network of Claim 2, wherein said configuration reader is 
10 a computer program running on said computational device. 

4. The communications network of Claim 2, wherein said configuration 
information of said computational device comprising any combination of the 
following: properties, contents or state, or properties of a local environment 
associated with said computational device; 

15 5. The communications network of Claim 2, wherein said configuration 
information may or may not include a literal copy of a file stored in said 
computational device. 
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6. The communications network of Claim 2, wherein said query documents are 
digitally signed by said requestor so that said responder can be sure that said query 
documents are from said requestor. 

7. The communications network of Claim 2, wherein said response documents 
5 are encrypted so that only said requestor can decrypt and view configuration 

information contained in said response document. 

8. The communications network of Claim 2, wherein said query language can be 
extended when new configuration information of said computational device are 
required. 

10 9. The communications network of Claim 2, wherein said responder further 
comprises a response instructor; 

wherein said configuration information can be examined visually by said 
response instructor before sending said configuration information to said requestor. 

10. The communications network of Claim 2, wherein said requestor further 
15 comprises: 

a request instructor; and 
a server; 
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wherein said request instructor posts query documents to said server that can 
only be retrieved by said responder; 

wherein said responder retrieves said query documents from said server; 
wherein said responder posts response documents to said server that can 
5 only be reviewed by said request instructor. 

11. The communications network of Claim 10, wherein said requestor further 
comprises a user interface for said request instructor to interact with said server. 

12. The communications network of Claim 11, wherein said request instructor 
reviews said answers contained in said response document through said user 

10 interface. 

13. The communications network of Claim 11, wherein said user interface is 
accessible from a Web browser. 

14. The communications network of Claim 10, wherein said server maintains an 
archive of past response documents that can be accessed by said request instructor. 

15 15. The communications network of Claim 10, wherein said server provides a 
means to compare two or more decrypted response documents. 
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16. In a communications network comprising a technical support organization, a 
support technician of said technical support organization and a customer of said 
technical support organization, an apparatus for said support technician to obtain 
configuration information of said customer's computer to accelerate analysis of 
5 technical support issues, said apparatus comprising: 

a server run by said technical support organization; 

a client application running on said customer's computer; 

a query document containing queries written in a high level query language 
which is descriptive rather than procedural; and 
10 a response document containing corresponding configuration information 

required by said query document; 

wherein said support technician posts said query document to said server; 

wherein said client application retrieves said query document from said 
server, parses said query document, inspects said computer to obtain configuration 
15 information of said computer by invoking one or more inspectors; 

wherein said client application displays said configuration information to said 
customer; 

wherein said client application returns corresponding configuration information 
of said computer to said server after approval of said customer; and 
20 wherein said support technician reviews said configuration information. 
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17. The apparatus of Claim 16, wherein said query document is digitally signed so 
that said customer can be sure that said query document is sent by said technical 
support organization. 

18. The apparatus of Claim 16, wherein said response documents are encrypted 
so that only said support technician can decrypt and view configuration information 
contained in said response document. 

19. In a communications network comprising a computational device, a requestor 
for configuration information of said computational device and a responder 
associated with said computational device to provider said configuration information, 
said responder further comprises a configuration reader for retrieving configuration 
information of said computational device, a method to retrieve said configuration 
information and securely transfer said configuration information from said responder 
to said requestor, comprising the steps of: 

assigning an identity number to said responder by said requestor; 

providing a library of query scripts written in a high level query language by 
said requestor, wherein said query language is descriptive rather than procedural; 

said requestor constructing a query document by associating one of said 
query script to said identifier; 

said requestor sending said query document to said responder; 
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parsing said queries written in said query language contained in said query 
document by said configuration reader of said responder; 

invoking inspectors by said configuration reader to obtain answers containing 
configuration information corresponding to said queries; and 
5 upon responder's approval, constructing respond documents containing said 

answers and return said respond documents to said requestor. 

20. The method of Claim 19, wherein said configuration reader is a computer 
program running on said computational device. 

21. The method of Claim 19, wherein said configuration information of said 
10 computational device comprising any combination of the following: properties, 

contents or state, or properties of a local environment associated with said 
computational device; 

22. The method of Claim 19, wherein said configuration information may or may 
not include a literal copy of a file stored in said computational device. 

15 23. The method of Claim 19, wherein said query documents are digitally signed 
by said requestor so that said responder can be sure that said query documents are 
from said requestor. 
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24. The method of Claim 19, wherein said response documents are encrypted so 
that only said requestor can decrypt and view configuration information contained in 
said response document. 

25. The method of Claim 19 ; wherein said query language can be extended when 
5 new configuration information of said computational device are required. 

26. The method of Claim 19, wherein said responder further comprises a 
response instructor; 

wherein said configuration information can be examined visually by said 
response instructor before sending said configuration information to said requestor. 

10 27. The method of Claim 19, wherein said requestor further comprises: 
a request instructor; and 
a server; 

wherein said request instructor posts query documents to said server that can 
only be retrieved by said responder; 
15 wherein said responder retrieves said query documents from said server; 

wherein said responder posts response documents to said server that can 
only be reviewed by said request instructor. 
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28. The method of Claim 19, wherein said requestor further comprises a user 
interface for said request instructor to interact with said server. 

29. The method of Claim 19, wherein said request instructor reviews said 
answers contained in said response document through said user interface. 

5 30. The method of Claim 19, wherein said user interface is accessible from a Web 
browser. 

31. The method of Claim 19, wherein said server maintains an archive of past 
response documents that can be accessed by said request instructor. 

32. The method of Claim 19, wherein said server provides a means to compare 
10 two or more decrypted response documents. 
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Item name: winjni.ini 

Path on client system: C:\WINDOWS\win.ini 
Locator relevance: file "win.ini" of windows folder 
Modification Date: Thu 1 6 Aug 2001 23:1 4:38 +0000 
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BtgFM As&fs&ati Support T&cfmotogy 



Q»A Correlator (All G&A's compared in lower case) 
Number af files cheeked: 2 



q: now (Number of Hies with question: 2) 
a: M ? 22 Jim 2001 11:23:22 -0700 (100.0%) 

q: version of bios (Number of files with question: 2) 
a: phoenix ram bios plus wrsion 1.10 a02 (100.0 %) 

q: date of bios (Number of files with question: 2) 
a: 11/30/00 (100.0%) 

q: user language (Number of files with question: 2) 
a: english (united states) (100.0 %) 

q: system language (Number of files with question: 2) 
a: english (united states) (100-0%) 

q: speed of main processor (Number of files with question: 2) 
a: 1484000000 hertz (100.0%) 
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